A group of cybercriminals previously affiliated with the ransomware group Darkside hacked the website of a security camera supplier and injected malware into a Windows application that the company’s customers used to configure and manage their security channels.
The website compromise began on May 18 this year and continued until early June, when specialists from the information security firm Mandiant discovered the malware and notified the affected company.
The malware was hidden inside a customized version of the Dahua SmartPSS app for Windows. Once downloaded and installed, the malicious application infected the company’s systems with a version of the SMOKEDHAM backdoor.
Although the Darkside ransomware operation was shut down in mid-May this year in the aftermath of the attack on Colonial Pipeline, experts have linked the recent attack on the security camera supplier to one of the three main subgroups of Darkside, tracked as UNC2465. Although the UNC2465 attack did not install Darkside ransomware on the victim’s internal networks, the attackers could potentially use another RaaS (ransomware-as-a-service).